@krotovm/gitlab-ai-review 1.0.30 → 1.0.33

package/README.md

@@ -55,6 +55,7 @@ Set these in your project/group CI settings:
 - `OPENAI_API_KEY` (required)
 - `OPENAI_BASE_URL` (optional, for OpenAI-compatible providers/proxies)
 - `AI_MODEL` (optional, default: `gpt-4o-mini`; example: `gpt-4o`)
+- `AI_PROMPT_PROFILE` (optional, default: `default`; one of `default` \| `weak`). Use `weak` for small or heavily-quantized models (≤ ~7B, local Ollama, etc.). The `weak` profile uses shorter system prompts, positive rules instead of negations, and inline few-shot examples for triage / per-file review / consolidation / verification, which dramatically improves output-format adherence on weak models.
 - `PROJECT_ACCESS_TOKEN` (optional for public projects, but required for most private projects; token with `api` scope)
 - `GITLAB_TOKEN` (optional alias for `PROJECT_ACCESS_TOKEN`)
 - `AI_REVIEW_ARTIFACT_HTML_FILE` (optional, default: `ai-review-report.html`; used with `--include-artifacts`)

package/dist/cli/args.js

@@ -1,5 +1,5 @@
 /** @format */
-import { DEFAULT_PROMPT_LIMITS, } from "../prompt/index.js";
+import { DEFAULT_PROMPT_LIMITS, parsePromptProfile as parsePromptProfileValue, } from "../prompt/index.js";
 export function requireEnvs(names) {
     const missing = names.filter((name) => {
         const value = process.env[name];
@@ -91,3 +91,8 @@ export function hasIgnoredExtension(filePath, ignoredExtensions) {
     const lowerPath = filePath.toLowerCase();
     return ignoredExtensions.some((ext) => lowerPath.endsWith(ext));
 }
+/** Reads AI_PROMPT_PROFILE (values: "default" | "weak"). Anything else falls
+ *  back to the default profile. */
+export function readPromptProfileFromEnv() {
+    return parsePromptProfileValue(process.env["AI_PROMPT_PROFILE"]);
+}

package/dist/cli/ci-review.js

@@ -1,6 +1,6 @@
 /** @format */
 import OpenAI from "openai";
-import { buildAnswer, buildConsolidatePrompt, buildFileReviewPrompt, buildPrompt, buildTriagePrompt, buildVerificationPrompt, extractCompletionText, parseTriageResponse, } from "../prompt/index.js";
+import { buildAnswer, buildConsolidatePrompt, buildFileReviewPrompt, buildPrompt, buildTriagePrompt, buildVerificationPrompt, DEFAULT_PROMPT_PROFILE, extractCompletionText, isEmptyReviewBody, NO_FINDINGS_SENTENCE, parseTriageResponseDetailed, parseTriageResponse, } from "../prompt/index.js";
 import { fetchFileAtRef, searchRepository, } from "../gitlab/services.js";
 import { logToolUsageMinimal, MAX_FILE_TOOL_ROUNDS, MAX_TOOL_ROUNDS, MAX_VERIFICATION_TOOL_ROUNDS, TOOL_NAME_GET_FILE, TOOL_NAME_GREP, } from "./tooling.js";
 async function appendDebugDump(_debugDumpFile, debugRecordWriter, record) {
@@ -162,12 +162,14 @@ async function mapWithConcurrency(items, concurrency, fn) {
     return results;
 }
 export async function reviewMergeRequestWithTools(params) {
-    const { openaiInstance, aiModel, promptLimits, changes, refs, gitLabProjectApiUrl, projectId, headers, forceTools, loggers, debugDumpFile, debugRecordWriter, } = params;
+    const { openaiInstance, aiModel, promptLimits, changes, refs, gitLabProjectApiUrl, projectId, headers, forceTools, promptProfile = DEFAULT_PROMPT_PROFILE, loggers, debugDumpFile, debugRecordWriter, } = params;
     const { logDebug, logStep } = loggers;
+    logStep(`Single-pass review started for ${changes.length} file(s) (fallback mode).`);
     const messages = buildPrompt({
         changes: changes.map((change) => ({ diff: change.diff })),
         limits: promptLimits,
         allowTools: true,
+        profile: promptProfile,
     });
     messages.push({
         role: "user",
@@ -217,6 +219,7 @@ export async function reviewMergeRequestWithTools(params) {
         },
     ];
     for (let round = 0; round < MAX_TOOL_ROUNDS; round += 1) {
+        logStep(`Single-pass round ${round + 1}/${MAX_TOOL_ROUNDS}: requesting model response...`);
         const completion = await createCompletionWithDebug({
             openaiInstance,
             requestLabel: `main_review_round_${round + 1}`,
@@ -236,6 +239,7 @@ export async function reviewMergeRequestWithTools(params) {
             return buildAnswer(completion);
         const toolCalls = message.tool_calls ?? [];
         logDebug(`main-review round=${round + 1} tool_calls=${toolCalls.length} finish_reason=${completion.choices[0]?.finish_reason ?? "unknown"}`);
+        logStep(`Single-pass round ${round + 1}: model returned ${toolCalls.length} tool call(s).`);
         if (toolCalls.length === 0)
             return buildAnswer(completion);
         messages.push({
@@ -290,6 +294,7 @@ export async function reviewMergeRequestWithTools(params) {
         role: "user",
         content: `Tool-call limit reached (${MAX_TOOL_ROUNDS}). Do not call any tools. Provide your best-effort final review now, strictly following the required output format. If confidence is low, return the exact no-issues sentence.`,
     });
+    logStep("Single-pass tool-call limit reached. Requesting final answer.");
     const finalCompletion = await createCompletionWithDebug({
         openaiInstance,
         requestLabel: "main_review_final_after_tool_limit",
@@ -305,7 +310,7 @@ export async function reviewMergeRequestWithTools(params) {
     return buildAnswer(finalCompletion);
 }
 async function runFileReviewWithTools(params) {
-    const { openaiInstance, aiModel, filePath, fileDiff, summary, otherChangedFiles, refs, gitLabProjectApiUrl, projectId, headers, forceTools, loggers, debugDumpFile, debugRecordWriter, } = params;
+    const { openaiInstance, aiModel, filePath, fileDiff, summary, otherChangedFiles, refs, gitLabProjectApiUrl, projectId, headers, forceTools, promptProfile, loggers, debugDumpFile, debugRecordWriter, } = params;
     const { logDebug, logStep } = loggers;
     const messages = buildFileReviewPrompt({
         filePath,
@@ -313,6 +318,7 @@ async function runFileReviewWithTools(params) {
         summary,
         otherChangedFiles,
         allowTools: true,
+        profile: promptProfile,
     });
     const tools = [
         {
@@ -374,11 +380,11 @@ async function runFileReviewWithTools(params) {
         });
         const msg = completion.choices[0]?.message;
         if (msg == null)
-            return extractCompletionText(completion) ?? "No issues found.";
+            return extractCompletionText(completion) ?? NO_FINDINGS_SENTENCE;
         const toolCalls = msg.tool_calls ?? [];
         logDebug(`file-review path=${filePath} round=${round + 1} tool_calls=${toolCalls.length} finish_reason=${completion.choices[0]?.finish_reason ?? "unknown"}`);
         if (toolCalls.length === 0)
-            return extractCompletionText(completion) ?? "No issues found.";
+            return extractCompletionText(completion) ?? NO_FINDINGS_SENTENCE;
         messages.push({
             role: "assistant",
             content: msg.content ?? "",
@@ -445,7 +451,7 @@ async function runFileReviewWithTools(params) {
             messages,
         },
     });
-    return extractCompletionText(final) ?? "No issues found.";
+    return extractCompletionText(final) ?? NO_FINDINGS_SENTENCE;
 }
 function draftHasStructuredFindings(consolidatedText) {
     return /-\s*\[(?:high|medium)\]/i.test(consolidatedText);
@@ -586,9 +592,9 @@ async function runVerificationWithTools(params) {
     });
 }
 export async function reviewMergeRequestMultiPass(params) {
-    const { openaiInstance, aiModel, promptLimits, changes, refs, gitLabProjectApiUrl, projectId, headers, maxFindings, reviewConcurrency, forceTools, loggers, debugDumpFile, debugRecordWriter, } = params;
+    const { openaiInstance, aiModel, promptLimits, changes, refs, gitLabProjectApiUrl, projectId, headers, maxFindings, reviewConcurrency, forceTools, promptProfile = DEFAULT_PROMPT_PROFILE, loggers, debugDumpFile, debugRecordWriter, } = params;
     const { logStep } = loggers;
-    logStep(`Pass 1/4: triaging ${changes.length} file(s)`);
+    logStep(`Pass 1/4: triaging ${changes.length} file(s) (prompt profile=${promptProfile})`);
     const triageInputs = changes.map((c) => ({
         path: c.new_path,
         new_file: c.new_file,
@@ -596,9 +602,11 @@ export async function reviewMergeRequestMultiPass(params) {
         renamed_file: c.renamed_file,
         diff: c.diff,
     }));
-    const triageMessages = buildTriagePrompt(triageInputs);
+    const triageMessages = buildTriagePrompt(triageInputs, promptProfile);
     let triageResult = null;
     let triageText = null;
+    let triageParseReason = null;
+    let triageParseError = null;
     try {
         const triageCompletion = await createCompletionWithDebug({
             openaiInstance,
@@ -614,8 +622,12 @@ export async function reviewMergeRequestMultiPass(params) {
             },
         });
         triageText = extractCompletionText(triageCompletion);
-        if (triageText != null)
-            triageResult = parseTriageResponse(triageText);
+        if (triageText != null) {
+            const triageParse = parseTriageResponseDetailed(triageText);
+            triageResult = triageParse.result;
+            triageParseReason = triageParse.reason;
+            triageParseError = triageParse.parseError;
+        }
     }
     catch (error) {
         logStep(`Triage pass failed: ${error?.message ?? error}. Falling back to single-pass.`);
@@ -624,7 +636,11 @@ export async function reviewMergeRequestMultiPass(params) {
         if (triageText != null) {
             const triagePreview = triageText.replace(/\s+/g, " ").trim().slice(0, 200);
             const looksLikeHtml = /<html|<!doctype html/i.test(triageText);
-            logStep(`Triage parse failed: expected JSON but got ${looksLikeHtml ? "HTML/non-JSON" : "non-JSON"} response. Preview: ${triagePreview || "<empty>"}`);
+            const parseReasonText = triageParseReason != null
+                ? `reason=${triageParseReason}`
+                : `reason=${looksLikeHtml ? "html_response" : "unknown_non_json"}`;
+            const parseErrorText = triageParseError != null ? ` parse_error=${triageParseError}` : "";
+            logStep(`Triage parse failed: ${parseReasonText}.${parseErrorText} Preview: ${triagePreview || "<empty>"}`);
         }
         else {
             logStep("Triage parse failed: model returned empty response body.");
@@ -640,6 +656,7 @@ export async function reviewMergeRequestMultiPass(params) {
             projectId,
             headers,
             forceTools,
+            promptProfile,
             loggers,
             debugDumpFile,
             debugRecordWriter,
@@ -671,6 +688,7 @@ export async function reviewMergeRequestMultiPass(params) {
             projectId,
             headers,
             forceTools,
+            promptProfile,
             loggers,
             debugDumpFile,
             debugRecordWriter,
@@ -682,10 +700,11 @@ export async function reviewMergeRequestMultiPass(params) {
         perFileFindings,
         summary: triageResult.summary,
         maxFindings,
+        profile: promptProfile,
     });
     if (consolidateMessages == null) {
         const DISCLAIMER = "This comment was generated by AI review bot.";
-        return `No confirmed bugs or high-value optimizations found.\n\n---\n_${DISCLAIMER}_`;
+        return `${NO_FINDINGS_SENTENCE}\n\n---\n_${DISCLAIMER}_`;
     }
     try {
         const consolidateCompletion = await createCompletionWithDebug({
@@ -711,6 +730,7 @@ export async function reviewMergeRequestMultiPass(params) {
             consolidatedFindings: consolidatedText,
             maxFindings,
             refs,
+            profile: promptProfile,
         });
         try {
             const verificationCompletion = await runVerificationWithTools({
@@ -738,10 +758,9 @@ export async function reviewMergeRequestMultiPass(params) {
         logStep(`Consolidation failed: ${error?.message ?? error}. Returning raw per-file findings.`);
         const DISCLAIMER = "This comment was generated by AI review bot.";
         const raw = perFileFindings
-            .filter((f) => !f.findings.includes("No issues found.") &&
-            !f.findings.includes("No confirmed bugs"))
+            .filter((f) => !isEmptyReviewBody(f.findings))
             .map((f) => f.findings)
             .join("\n");
-        return `${raw || "No confirmed bugs or high-value optimizations found."}\n\n---\n_${DISCLAIMER}_`;
+        return `${raw || NO_FINDINGS_SENTENCE}\n\n---\n_${DISCLAIMER}_`;
     }
 }

package/dist/cli.js

@@ -3,7 +3,7 @@
 import OpenAI from "openai";
 import { readFile } from "node:fs/promises";
 import { DEFAULT_MAX_FINDINGS, DEFAULT_REVIEW_CONCURRENCY, } from "./prompt/index.js";
-import { envOrDefault, envOrUndefined, hasDebugFlag, hasForceToolsFlag, hasIncludeArtifactsFlag, hasIgnoredExtension, parseIgnoreExtensions, parseNumberFlag, parsePromptLimits, requireEnvs, } from "./cli/args.js";
+import { envOrDefault, envOrUndefined, hasDebugFlag, hasForceToolsFlag, hasIncludeArtifactsFlag, hasIgnoredExtension, parseIgnoreExtensions, parseNumberFlag, parsePromptLimits, readPromptProfileFromEnv, requireEnvs, } from "./cli/args.js";
 import { reviewMergeRequestMultiPass } from "./cli/ci-review.js";
 import { fetchMergeRequestChanges, postMergeRequestNote, } from "./gitlab/services.js";
 import { renderDebugArtifactsHtml } from "./cli/debug-artifacts-html.js";
@@ -32,6 +32,9 @@ function printHelp() {
         "  OPENAI_API_KEY (required)  OpenAI API key.",
         "  OPENAI_BASE_URL (optional)  Custom OpenAI-compatible API base URL.",
         "  AI_MODEL      (optional)  OpenAI chat model, e.g. gpt-4o. Default: gpt-4o-mini.",
+        "  AI_PROMPT_PROFILE (optional)  Prompt style: \"default\" | \"weak\". Default: default.",
+        "                              Use \"weak\" for small/quantized models — shorter prompts,",
+        "                              positive rules, and few-shot examples.",
         "  PROJECT_ACCESS_TOKEN (optional)  GitLab Project/Personal Access Token for API calls (required for most private repos; should have api scope).",
         "",
         "CI-only env vars (provided by GitLab):",
@@ -77,6 +80,8 @@ async function main() {
     const maxFindings = parseNumberFlag(process.argv, "max-findings", DEFAULT_MAX_FINDINGS, 1);
     const reviewConcurrency = parseNumberFlag(process.argv, "max-review-concurrency", DEFAULT_REVIEW_CONCURRENCY, 1);
     const aiModel = envOrDefault("AI_MODEL", "gpt-4o-mini");
+    const promptProfile = readPromptProfileFromEnv();
+    logStep(`Prompt profile: ${promptProfile}`);
     const artifactHtmlFile = INCLUDE_ARTIFACTS
         ? envOrDefault("AI_REVIEW_ARTIFACT_HTML_FILE", "ai-review-report.html")
         : undefined;
@@ -86,6 +91,7 @@ async function main() {
             artifactRecords.push(record);
         }
         : undefined;
+    let artifactWritten = false;
     const loggers = { logStep, logDebug };
     const projectAccessToken = envOrUndefined("PROJECT_ACCESS_TOKEN") ?? envOrUndefined("GITLAB_TOKEN");
     const gitlabRequired = [
@@ -106,58 +112,72 @@ async function main() {
         headers["PRIVATE-TOKEN"] = projectAccessToken;
     else
         headers["JOB-TOKEN"] = envs["CI_JOB_TOKEN"];
-    logStep("Fetching merge request changes");
-    const mrChanges = await fetchMergeRequestChanges({
-        gitLabBaseUrl: new URL(ciApiV4Url),
-        headers,
-        projectId,
-        mergeRequestIid,
-    });
-    if (mrChanges instanceof Error)
-        throw mrChanges;
-    const filteredChanges = (mrChanges.changes ?? []).filter((change) => ignoredExtensions.length === 0 ||
-        (!hasIgnoredExtension(change.new_path, ignoredExtensions) &&
-            !hasIgnoredExtension(change.old_path, ignoredExtensions)));
-    if (filteredChanges.length === 0) {
-        process.stdout.write("No changes found in merge request. Skipping review.\n");
-        return;
-    }
-    logStep(`Requesting AI review with model: ${aiModel} (multi-pass pipeline)`);
-    const answer = await reviewMergeRequestMultiPass({
-        openaiInstance: new OpenAI({ apiKey: openaiApiKey }),
-        aiModel,
-        promptLimits,
-        changes: filteredChanges,
-        refs: {
-            base: mrChanges.diff_refs?.base_sha ?? "HEAD",
-            head: mrChanges.diff_refs?.head_sha ?? "HEAD",
-        },
-        gitLabProjectApiUrl: new URL(`${ciApiV4Url}/projects/${projectId}`),
-        projectId,
-        headers,
-        maxFindings,
-        reviewConcurrency,
-        forceTools: FORCE_TOOLS,
-        loggers,
-        debugRecordWriter,
-    });
-    logStep("Posting AI review note to merge request");
-    const noteRes = await postMergeRequestNote({
-        gitLabBaseUrl: new URL(`${ciApiV4Url}/projects/${projectId}`),
-        headers,
-        mergeRequestIid,
-    }, { body: answer });
-    if (noteRes instanceof Error)
-        throw noteRes;
-    if (INCLUDE_ARTIFACTS && artifactHtmlFile != null) {
-        await renderDebugArtifactsHtml({
-            records: artifactRecords,
-            artifactHtmlFile,
-            cliVersion,
+    try {
+        logStep("Fetching merge request changes");
+        const mrChanges = await fetchMergeRequestChanges({
+            gitLabBaseUrl: new URL(ciApiV4Url),
+            headers,
+            projectId,
+            mergeRequestIid,
+        });
+        if (mrChanges instanceof Error)
+            throw mrChanges;
+        const filteredChanges = (mrChanges.changes ?? []).filter((change) => ignoredExtensions.length === 0 ||
+            (!hasIgnoredExtension(change.new_path, ignoredExtensions) &&
+                !hasIgnoredExtension(change.old_path, ignoredExtensions)));
+        if (filteredChanges.length === 0) {
+            process.stdout.write("No changes found in merge request. Skipping review.\n");
+            return;
+        }
+        logStep(`Requesting AI review with model: ${aiModel} (multi-pass pipeline)`);
+        const answer = await reviewMergeRequestMultiPass({
+            openaiInstance: new OpenAI({ apiKey: openaiApiKey }),
             aiModel,
+            promptLimits,
+            changes: filteredChanges,
+            refs: {
+                base: mrChanges.diff_refs?.base_sha ?? "HEAD",
+                head: mrChanges.diff_refs?.head_sha ?? "HEAD",
+            },
+            gitLabProjectApiUrl: new URL(`${ciApiV4Url}/projects/${projectId}`),
+            projectId,
+            headers,
+            maxFindings,
+            reviewConcurrency,
+            forceTools: FORCE_TOOLS,
+            promptProfile,
+            loggers,
+            debugRecordWriter,
         });
+        logStep("Posting AI review note to merge request");
+        const noteRes = await postMergeRequestNote({
+            gitLabBaseUrl: new URL(`${ciApiV4Url}/projects/${projectId}`),
+            headers,
+            mergeRequestIid,
+        }, { body: answer });
+        if (noteRes instanceof Error)
+            throw noteRes;
+        process.stdout.write("Posted AI review comment to merge request.\n");
+    }
+    finally {
+        if (INCLUDE_ARTIFACTS && artifactHtmlFile != null && !artifactWritten) {
+            try {
+                await renderDebugArtifactsHtml({
+                    records: artifactRecords,
+                    artifactHtmlFile,
+                    cliVersion,
+                    aiModel,
+                });
+                artifactWritten = true;
+            }
+            catch (artifactError) {
+                const message = artifactError instanceof Error
+                    ? artifactError.message
+                    : String(artifactError);
+                process.stderr.write(`Failed to write debug artifact "${artifactHtmlFile}": ${message}\n`);
+            }
+        }
     }
-    process.stdout.write("Posted AI review comment to merge request.\n");
 }
 main().catch((err) => {
     const message = err instanceof Error ? err.message : String(err);

package/dist/prompt/index.js

@@ -1,17 +1,18 @@
 /** @format */
-import { buildMainSystemMessages, FILE_REVIEW_SYSTEM, TRIAGE_SYSTEM, } from "./messages.js";
-import { normalizeReviewFindingsMarkdown, sanitizeGitLabMarkdown, truncateWithMarker, } from "./utils.js";
-import { buildConsolidateSystemLines, buildVerificationSystemLines, } from "./templates/postprocess-system.js";
+import { buildFileReviewSystemMessage, buildMainSystemMessages, buildTriageSystemMessage, } from "./messages.js";
+import { extractFirstJsonObject, normalizeReviewFindingsMarkdown, sanitizeGitLabMarkdown, truncateWithMarker, } from "./utils.js";
+import { getConsolidateSystemLines, getVerificationSystemLines, } from "./templates/postprocess-system.js";
 import { buildConsolidateUserContent, buildFileReviewUserContent, buildMainReviewUserContent, buildTriageUserContent, buildVerificationUserContent, } from "./templates/user-prompts.js";
+import { DEFAULT_PROMPT_PROFILE, isEmptyReviewBody } from "./profile.js";
+export { DEFAULT_PROMPT_PROFILE, NO_FINDINGS_SENTENCE, isEmptyReviewBody, parsePromptProfile, } from "./profile.js";
 export const DEFAULT_PROMPT_LIMITS = {
     maxDiffs: 50,
     maxDiffChars: 16000,
     maxTotalPromptChars: 220000,
 };
-const MESSAGES = buildMainSystemMessages();
 export const AI_MODEL_TEMPERATURE = 0.2;
 export const AI_MAX_OUTPUT_TOKENS = 600;
-export const buildPrompt = ({ changes, limits, allowTools = false, }) => {
+export const buildPrompt = ({ changes, limits, allowTools = false, profile = DEFAULT_PROMPT_PROFILE, }) => {
     const effectiveLimits = {
         ...DEFAULT_PROMPT_LIMITS,
         ...(limits ?? {}),
@@ -41,16 +42,19 @@ export const buildPrompt = ({ changes, limits, allowTools = false, }) => {
         changesText,
     });
     const boundedContent = truncateWithMarker(userContent, effectiveLimits.maxTotalPromptChars, "prompt payload");
-    return [...MESSAGES, { role: "user", content: boundedContent }];
+    return [
+        ...buildMainSystemMessages(profile),
+        { role: "user", content: boundedContent },
+    ];
 };
 // ---------------------------------------------------------------------------
 // Multi-pass pipeline prompts
 // ---------------------------------------------------------------------------
 export const DEFAULT_MAX_FINDINGS = 5;
 export const DEFAULT_REVIEW_CONCURRENCY = 5;
-export function buildTriagePrompt(changes) {
+export function buildTriagePrompt(changes, profile = DEFAULT_PROMPT_PROFILE) {
     return [
-        TRIAGE_SYSTEM,
+        buildTriageSystemMessage(profile),
         {
             role: "user",
             content: buildTriageUserContent(changes),
@@ -58,37 +62,74 @@ export function buildTriagePrompt(changes) {
     ];
 }
 export function parseTriageResponse(text) {
-    try {
-        const cleaned = text
-            .replace(/```json?\s*/g, "")
-            .replace(/```\s*/g, "")
-            .trim();
-        const parsed = JSON.parse(cleaned);
-        if (typeof parsed.summary === "string" && Array.isArray(parsed.files)) {
-            return {
+    return parseTriageResponseDetailed(text).result;
+}
+export function parseTriageResponseDetailed(text) {
+    const cleaned = text
+        .replace(/```json?\s*/g, "")
+        .replace(/```\s*/g, "")
+        .trim();
+    if (cleaned === "") {
+        return { result: null, reason: "empty_response", parseError: null };
+    }
+    const tryParse = (src) => {
+        try {
+            return { parsed: JSON.parse(src), error: null };
+        }
+        catch (e) {
+            const msg = e instanceof Error
+                ? e.message
+                : typeof e === "string"
+                    ? e
+                    : JSON.stringify(e);
+            return { parsed: null, error: msg };
+        }
+    };
+    let attempt = tryParse(cleaned);
+    // Some providers ignore JSON-mode and prefix prose like "Here is the JSON: {...}".
+    // Recover by extracting the first balanced {...} block and parsing that.
+    if (attempt.parsed == null) {
+        const extracted = extractFirstJsonObject(cleaned);
+        if (extracted != null && extracted !== cleaned) {
+            attempt = tryParse(extracted);
+        }
+    }
+    if (attempt.parsed == null || typeof attempt.parsed !== "object") {
+        return {
+            result: null,
+            reason: "invalid_json",
+            parseError: attempt.error,
+        };
+    }
+    const parsed = attempt.parsed;
+    if (typeof parsed.summary === "string" && Array.isArray(parsed.files)) {
+        return {
+            result: {
                 summary: parsed.summary,
                 files: parsed.files
-                    .filter((f) => typeof f.path === "string" &&
-                    (f.verdict === "NEEDS_REVIEW" || f.verdict === "SKIP"))
+                    .filter((f) => typeof f === "object" &&
+                    f != null &&
+                    typeof f.path === "string" &&
+                    (f.verdict === "NEEDS_REVIEW" ||
+                        f.verdict === "SKIP"))
                     .map((f) => ({
                     path: f.path,
                     verdict: f.verdict,
                 })),
-            };
-        }
-    }
-    catch {
-        // JSON parse failure — caller will fall back to single-pass.
+            },
+            reason: null,
+            parseError: null,
+        };
     }
-    return null;
+    return { result: null, reason: "invalid_schema", parseError: null };
 }
 export function buildFileReviewPrompt(params) {
-    const { filePath, fileDiff, summary, otherChangedFiles, allowTools = false, } = params;
+    const { filePath, fileDiff, summary, otherChangedFiles, allowTools = false, profile = DEFAULT_PROMPT_PROFILE, } = params;
     const toolNote = allowTools
         ? "Tools (get_file_at_ref, grep_repository) are available to verify suspicions or read the full file."
         : "Tools are unavailable; rely only on visible diff evidence.";
     return [
-        FILE_REVIEW_SYSTEM,
+        buildFileReviewSystemMessage(profile),
         {
             role: "user",
             content: buildFileReviewUserContent({
@@ -102,9 +143,8 @@ export function buildFileReviewPrompt(params) {
     ];
 }
 export function buildConsolidatePrompt(params) {
-    const { perFileFindings, summary, maxFindings } = params;
-    const meaningful = perFileFindings.filter((f) => !f.findings.includes("No issues found.") &&
-        !f.findings.includes("No confirmed bugs"));
+    const { perFileFindings, summary, maxFindings, profile = DEFAULT_PROMPT_PROFILE, } = params;
+    const meaningful = perFileFindings.filter((f) => !isEmptyReviewBody(f.findings));
     if (meaningful.length === 0)
         return null;
     const findingsText = meaningful
@@ -113,7 +153,7 @@ export function buildConsolidatePrompt(params) {
     return [
         {
             role: "system",
-            content: buildConsolidateSystemLines(maxFindings).join("\n"),
+            content: getConsolidateSystemLines(profile, maxFindings).join("\n"),
         },
         {
             role: "user",
@@ -126,14 +166,14 @@ export function buildConsolidatePrompt(params) {
     ];
 }
 export function buildVerificationPrompt(params) {
-    const { perFileFindings, summary, consolidatedFindings, maxFindings, refs } = params;
+    const { perFileFindings, summary, consolidatedFindings, maxFindings, refs, profile = DEFAULT_PROMPT_PROFILE, } = params;
     const findingsText = perFileFindings
         .map((f) => `### ${f.path}\n${f.findings}`)
         .join("\n\n");
     return [
         {
             role: "system",
-            content: buildVerificationSystemLines(maxFindings).join("\n"),
+            content: getVerificationSystemLines(profile, maxFindings).join("\n"),
         },
         {
             role: "user",

package/dist/prompt/messages.js

@@ -1,17 +1,22 @@
 /** @format */
-import { FILE_REVIEW_SYSTEM_LINES, MAIN_SYSTEM_LINES, } from "./templates/review-system.js";
-import { TRIAGE_SYSTEM_LINES } from "./templates/triage-system.js";
-export const buildMainSystemMessages = () => [
+import { getFileReviewSystemLines, getMainSystemLines, } from "./templates/review-system.js";
+import { getTriageSystemLines } from "./templates/triage-system.js";
+import { DEFAULT_PROMPT_PROFILE } from "./profile.js";
+export const buildMainSystemMessages = (profile = DEFAULT_PROMPT_PROFILE) => [
     {
         role: "system",
-        content: MAIN_SYSTEM_LINES.join("\n"),
+        content: getMainSystemLines(profile).join("\n"),
     },
 ];
-export const TRIAGE_SYSTEM = {
+export const buildTriageSystemMessage = (profile = DEFAULT_PROMPT_PROFILE) => ({
     role: "system",
-    content: TRIAGE_SYSTEM_LINES.join("\n"),
-};
-export const FILE_REVIEW_SYSTEM = {
+    content: getTriageSystemLines(profile).join("\n"),
+});
+export const buildFileReviewSystemMessage = (profile = DEFAULT_PROMPT_PROFILE) => ({
     role: "system",
-    content: FILE_REVIEW_SYSTEM_LINES.join("\n"),
-};
+    content: getFileReviewSystemLines(profile).join("\n"),
+});
+/** @deprecated kept for backward compatibility — use buildTriageSystemMessage(). */
+export const TRIAGE_SYSTEM = buildTriageSystemMessage();
+/** @deprecated kept for backward compatibility — use buildFileReviewSystemMessage(). */
+export const FILE_REVIEW_SYSTEM = buildFileReviewSystemMessage();

package/dist/prompt/profile.js

@@ -0,0 +1,29 @@
+/** @format */
+export const DEFAULT_PROMPT_PROFILE = "default";
+/** Canonical phrase the model is asked to emit when no findings survive
+ *  review/verification. Parsers are tolerant of common synonyms. */
+export const NO_FINDINGS_SENTENCE = "No confirmed bugs or high-value optimizations found.";
+const NO_FINDINGS_PATTERNS = [
+    /\bno\s+(?:confirmed\s+)?(?:bugs?|issues?|findings?|defects?|problems?)\b[^.\n]{0,80}\b(?:found|detected|identified|reported)\b/i,
+    /\bnothing\s+to\s+report\b/i,
+    /\bno\s+high[- ]value\s+optimizations?\s+found\b/i,
+    /\ball\s+clear\b/i,
+];
+const SEVERITY_HEADER_PATTERN = /\[(?:high|medium)\]/i;
+/** Returns true when the model emitted a "no findings" sentinel (or a common
+ *  synonym) and there are no severity bullets in the body. Severity bullets
+ *  always win — a real finding is never treated as empty. */
+export function isEmptyReviewBody(text) {
+    const trimmed = text.trim();
+    if (trimmed === "")
+        return true;
+    if (SEVERITY_HEADER_PATTERN.test(trimmed))
+        return false;
+    return NO_FINDINGS_PATTERNS.some((re) => re.test(trimmed));
+}
+export function parsePromptProfile(value) {
+    const v = (value ?? "").trim().toLowerCase();
+    if (v === "weak")
+        return "weak";
+    return "default";
+}

package/dist/prompt/templates/postprocess-system.js

@@ -1,5 +1,6 @@
 /** @format */
-export function buildConsolidateSystemLines(maxFindings) {
+import { NO_FINDINGS_SENTENCE } from "../profile.js";
+function buildConsolidateDefaultLines(maxFindings) {
     return [
         "You consolidate per-file code review findings into a final ranked list.",
         `Select the top ${maxFindings} most important findings. Deduplicate overlapping issues.`,
@@ -12,11 +13,43 @@ export function buildConsolidateSystemLines(maxFindings) {
         "Do not add new findings. Do not add headings, summaries, or commentary.",
         "Drop any finding that: claims a syntax error without quoting the invalid token, claims a function/variable is missing without concrete proof, or flags a refactoring rename as a bug.",
         `If fewer than ${maxFindings} findings exist, return all of them.`,
-        'If all findings are low quality or dubious after dedup, return exactly: "No confirmed bugs or high-value optimizations found."',
+        `If all findings are low quality or dubious after dedup, return exactly: "${NO_FINDINGS_SENTENCE}"`,
         "GitLab-flavoured markdown.",
     ];
 }
-export function buildVerificationSystemLines(maxFindings) {
+function buildConsolidateWeakLines(maxFindings) {
+    return [
+        "You merge per-file review findings into one ranked list.",
+        "Output bullets only — no preamble, no headings, no code fences.",
+        `Keep at most ${maxFindings} findings. Do not invent new ones.`,
+        "",
+        "Steps:",
+        "1. Drop duplicates and findings that are reworded versions of each other (keep the clearest).",
+        "2. Drop a finding if it has no concrete evidence (no file/line, vague reasoning, or just \"this might be wrong\").",
+        "3. Sort the remainder: all [high] before any [medium]; within a tier, correctness bugs before security before perf.",
+        "4. Take the top items up to the limit.",
+        "",
+        "Output format — copy spacing and case exactly, do not wrap bullets in backticks:",
+        "- [high|medium] <short title>",
+        "  File: <path>",
+        "  Line: ~<N>",
+        "  Why: <one sentence pointing at the evidence>",
+        "",
+        "Example output (two findings, ranked):",
+        "- [high] Null pointer dereference in user lookup",
+        "  File: src/user/service.ts",
+        "  Line: ~42",
+        "  Why: getUser() can return null but the next line calls user.id without a guard.",
+        "",
+        "- [medium] Off-by-one in pagination loop",
+        "  File: src/api/list.ts",
+        "  Line: ~88",
+        "  Why: loop runs while i <= total but indices are 0-based, so the last item is read past the array end.",
+        "",
+        `If after dedup nothing survives, output exactly this single line and nothing else: ${NO_FINDINGS_SENTENCE}`,
+    ];
+}
+function buildVerificationDefaultLines(maxFindings) {
     return [
         "You are a skeptical verifier of a merge request review.",
         "Your job is to remove weak, speculative, or unsupported findings from the draft list.",
@@ -32,7 +65,54 @@ export function buildVerificationSystemLines(maxFindings) {
         "`  Why: <one concise sentence with key evidence>`",
         "Do not add headings, summaries, or extra commentary.",
         `Return at most ${maxFindings} findings.`,
-        'If no findings survive verification, return exactly: "No confirmed bugs or high-value optimizations found."',
+        `If no findings survive verification, return exactly: "${NO_FINDINGS_SENTENCE}"`,
         "GitLab-flavoured markdown.",
     ];
 }
+function buildVerificationWeakLines(maxFindings) {
+    return [
+        "You verify a draft list of merge-request review findings against the actual repository.",
+        "Output bullets only — no preamble, no headings, no code fences. Do not invent new findings.",
+        `Return at most ${maxFindings} findings.`,
+        "",
+        "For each draft finding, follow these steps in order:",
+        "1. Look it up in the per-file evidence pool. If it is not in the evidence pool, drop it.",
+        "2. If the finding makes a claim about code that exists at refs.head, call get_file_at_ref(path, refs.head) and confirm the offending text really sits at the cited line (±10 lines is fine).",
+        "3. If the file contents at refs.head do not contain the offending text, or contain a corrected version of it, drop the finding.",
+        "4. If you cannot confirm the claim with one or two tool calls, drop the finding.",
+        "",
+        "Keep a finding only after step 3 succeeds. Otherwise drop it.",
+        "",
+        "Output format — copy spacing and case exactly, do not wrap bullets in backticks:",
+        "- [high|medium] <short title>",
+        "  File: <path>",
+        "  Line: ~<N>",
+        "  Why: <one sentence pointing at the evidence you confirmed>",
+        "",
+        "Example — KEEP this finding because get_file_at_ref shows the cited code at refs.head:",
+        "- [high] Null pointer dereference in user lookup",
+        "  File: src/user/service.ts",
+        "  Line: ~42",
+        "  Why: getUser() returns null on miss and the next line calls user.id without a guard (confirmed in src/user/service.ts at refs.head).",
+        "",
+        "Example — DROP a finding when refs.head shows the bug is already gone (do not output it).",
+        "",
+        `If after verification nothing survives, output exactly this single line and nothing else: ${NO_FINDINGS_SENTENCE}`,
+    ];
+}
+export function buildConsolidateSystemLines(maxFindings) {
+    return buildConsolidateDefaultLines(maxFindings);
+}
+export function buildVerificationSystemLines(maxFindings) {
+    return buildVerificationDefaultLines(maxFindings);
+}
+export function getConsolidateSystemLines(profile, maxFindings) {
+    return profile === "weak"
+        ? buildConsolidateWeakLines(maxFindings)
+        : buildConsolidateDefaultLines(maxFindings);
+}
+export function getVerificationSystemLines(profile, maxFindings) {
+    return profile === "weak"
+        ? buildVerificationWeakLines(maxFindings)
+        : buildVerificationDefaultLines(maxFindings);
+}

package/dist/prompt/templates/review-system.js

@@ -1,5 +1,6 @@
 /** @format */
-export const MAIN_SYSTEM_LINES = [
+import { NO_FINDINGS_SENTENCE } from "../profile.js";
+const MAIN_DEFAULT_LINES = [
     "You are an AI code reviewer for pull requests.",
     "Find only real bugs introduced by the diff.",
     "Return at most 3 findings. Prefer no finding over a weak one.",
@@ -9,7 +10,7 @@ export const MAIN_SYSTEM_LINES = [
     "- Ignore style, refactoring suggestions, and general best practices.",
     "- If uncertain, use tools: get_file_at_ref and grep_repository.",
     "- Report only issues clearly visible in diff or verified by tools.",
-    '- If uncertain after checking, return exactly: "No confirmed bugs or high-value optimizations found."',
+    `- If uncertain after checking, return exactly: "${NO_FINDINGS_SENTENCE}"`,
     "",
     "Severity:",
     "- [high]: deterministic runtime/security breakage with clear path.",
@@ -20,9 +21,40 @@ export const MAIN_SYSTEM_LINES = [
     "- `  File: <path>`",
     "- `  Line: ~<N>`",
     "- `  Why: <one concise sentence with evidence>`",
-    '- If no issues: exactly "No confirmed bugs or high-value optimizations found."',
+    `- If no issues: exactly "${NO_FINDINGS_SENTENCE}"`,
 ];
-export const FILE_REVIEW_SYSTEM_LINES = [
+const MAIN_WEAK_LINES = [
+    "You are an AI bug-finder for a merge request.",
+    "Output bullets only — no preamble, no headings, no code fences, no closing remarks.",
+    "Return at most 3 findings.",
+    "",
+    "Report a finding ONLY when ALL of these are true:",
+    "1. The bug is on a line added or modified in the diff (or a direct consequence of one).",
+    "2. You can quote the offending text from the diff or from get_file_at_ref output.",
+    "3. The bug causes wrong behavior, a crash, a security issue, or data loss — not a style nit.",
+    "If any of those is not true, do not include the finding.",
+    "",
+    "When the diff is unclear, call the tools: get_file_at_ref(path, ref) or grep_repository(query, ref). Prefer the head ref.",
+    "",
+    "Severity tags:",
+    "- [high] = will break at runtime or leak data.",
+    "- [medium] = strong evidence of a bug, but conditions matter.",
+    "",
+    "Output format — copy spacing and case exactly, do not wrap in backticks or fences:",
+    "- [high|medium] <short title>",
+    "  File: <path>",
+    "  Line: ~<N>",
+    "  Why: <one sentence pointing at the evidence>",
+    "",
+    "Example of a valid finding:",
+    "- [high] Null pointer dereference in user lookup",
+    "  File: src/user/service.ts",
+    "  Line: ~42",
+    "  Why: getUser() can return null but the next line calls user.id without a guard.",
+    "",
+    `If you cannot meet all three conditions for any finding, output exactly this single line and nothing else: ${NO_FINDINGS_SENTENCE}`,
+];
+const FILE_DEFAULT_LINES = [
     "You are an AI reviewer for a single-file diff.",
     "Find only real bugs introduced by changed lines.",
     "Return at most 2 findings. Prefer no finding over a weak one.",
@@ -32,7 +64,7 @@ export const FILE_REVIEW_SYSTEM_LINES = [
     "- Ignore style/refactor/general improvement comments.",
     "- If uncertain, use tools: get_file_at_ref and grep_repository.",
     "- Report only issues clearly visible in diff or verified by tools.",
-    '- If uncertain after checking, return exactly: "No issues found."',
+    `- If uncertain after checking, return exactly: "${NO_FINDINGS_SENTENCE}"`,
     "",
     "Severity:",
     "- [high]: deterministic runtime/security breakage with clear path.",
@@ -43,5 +75,46 @@ export const FILE_REVIEW_SYSTEM_LINES = [
     "- `  File: <path>`",
     "- `  Line: ~<N>`",
     "- `  Why: <one concise sentence with evidence>`",
-    '- If no issues: exactly "No issues found."',
+    `- If no issues: exactly "${NO_FINDINGS_SENTENCE}"`,
+];
+const FILE_WEAK_LINES = [
+    "You are an AI bug-finder reviewing one file's diff.",
+    "Output bullets only — no preamble, no headings, no code fences.",
+    "Return at most 2 findings.",
+    "",
+    "Report a finding ONLY when ALL of these are true:",
+    "1. The bug is on a line added or modified in this file's diff.",
+    "2. You can quote the offending text from the diff or from get_file_at_ref output.",
+    "3. The bug causes wrong behavior, a crash, a security issue, or data loss.",
+    "If any of those is not true, do not include the finding.",
+    "",
+    "When the diff is unclear, call the tools: get_file_at_ref(path, ref) or grep_repository(query, ref). Prefer the head ref.",
+    "",
+    "Severity tags:",
+    "- [high] = will break at runtime or leak data.",
+    "- [medium] = strong evidence of a bug, but conditions matter.",
+    "",
+    "Output format — copy spacing and case exactly, do not wrap in backticks or fences:",
+    "- [high|medium] <short title>",
+    "  File: <path>",
+    "  Line: ~<N>",
+    "  Why: <one sentence pointing at the evidence>",
+    "",
+    "Example of a valid finding:",
+    "- [medium] Off-by-one in pagination loop",
+    "  File: src/api/list.ts",
+    "  Line: ~88",
+    "  Why: loop runs while i <= total but indices are 0-based, so the last item is read past the array end.",
+    "",
+    `If you cannot meet all three conditions for any finding, output exactly this single line and nothing else: ${NO_FINDINGS_SENTENCE}`,
 ];
+export function getMainSystemLines(profile) {
+    return profile === "weak" ? MAIN_WEAK_LINES : MAIN_DEFAULT_LINES;
+}
+export function getFileReviewSystemLines(profile) {
+    return profile === "weak" ? FILE_WEAK_LINES : FILE_DEFAULT_LINES;
+}
+/** @deprecated kept for backward compatibility — use getMainSystemLines("default"). */
+export const MAIN_SYSTEM_LINES = MAIN_DEFAULT_LINES;
+/** @deprecated kept for backward compatibility — use getFileReviewSystemLines("default"). */
+export const FILE_REVIEW_SYSTEM_LINES = FILE_DEFAULT_LINES;

package/dist/prompt/templates/triage-system.js

@@ -1,11 +1,11 @@
 /** @format */
-export const TRIAGE_SYSTEM_LINES = [
+const DEFAULT_LINES = [
     "You are a senior developer triaging files in a merge request.",
     "For each file, decide whether it NEEDS_REVIEW (modifies logic, functionality, security, or performance) or can be SKIPPED (cosmetic-only: formatting, comments, renaming for clarity, docs, auto-generated files).",
     "",
     "Also produce a concise summary (2-4 sentences) of the entire merge request: what it does and which areas it touches.",
     "",
-    "Respond with a JSON object (no markdown fences) in this exact schema:",
+    "Respond with a JSON object (no markdown fences, no prose before or after) in this exact schema:",
     '{ "summary": "<MR summary>", "files": [{ "path": "<file path>", "verdict": "NEEDS_REVIEW" | "SKIP" }] }',
     "",
     "Rules:",
@@ -18,4 +18,31 @@ export const TRIAGE_SYSTEM_LINES = [
     "- Test files that add, remove, or change assertions or expected values are NEEDS_REVIEW.",
     "- Test-only files are SKIP only if changes are purely cosmetic (formatting, comments).",
     "- Config/CI/docs files are SKIP unless they modify build targets, env vars, or secrets.",
+    "",
+    "Example output (copy this style exactly — single JSON object, no fences, no preamble):",
+    '{"summary":"Adds retry-with-backoff to the OpenAI client and updates the README badge.","files":[{"path":"src/openai/client.ts","verdict":"NEEDS_REVIEW"},{"path":"README.md","verdict":"SKIP"}]}',
+];
+const WEAK_LINES = [
+    "You triage merge-request files. Output one JSON object only — no prose, no markdown, no code fences, no preamble.",
+    "",
+    "Schema (use exactly these keys):",
+    '{"summary":"<2-3 sentences about the MR>","files":[{"path":"<file path>","verdict":"NEEDS_REVIEW" | "SKIP"}]}',
+    "",
+    "Mark a file NEEDS_REVIEW when ANY of these is true:",
+    "- the diff adds or removes non-comment lines,",
+    "- the diff changes a function signature, return type, control flow, or variable value,",
+    "- the file is new and contains code,",
+    "- a test changes an assertion or expected value,",
+    "- a config/CI file changes build targets, env vars, or secrets.",
+    "",
+    "Mark a file SKIP only when the diff is purely cosmetic: whitespace, comments, JSDoc, plain docs, auto-generated files, or deletions that cannot affect callers.",
+    "When in doubt, choose NEEDS_REVIEW.",
+    "",
+    "Example output (copy this exactly — one line, one JSON object, nothing else):",
+    '{"summary":"Adds retry-with-backoff to the OpenAI client and updates the README badge.","files":[{"path":"src/openai/client.ts","verdict":"NEEDS_REVIEW"},{"path":"README.md","verdict":"SKIP"}]}',
 ];
+export function getTriageSystemLines(profile) {
+    return profile === "weak" ? WEAK_LINES : DEFAULT_LINES;
+}
+/** @deprecated kept for backward compatibility — use getTriageSystemLines("default"). */
+export const TRIAGE_SYSTEM_LINES = DEFAULT_LINES;

package/dist/prompt/utils.js

@@ -1,4 +1,46 @@
 /** @format */
+/** Extract the first balanced JSON object substring from arbitrary text.
+ *  Useful when an LLM wraps JSON in prose ("Here is the result: { ... }").
+ *  Returns null if no balanced object is found. */
+export function extractFirstJsonObject(input) {
+    let depth = 0;
+    let start = -1;
+    let inString = false;
+    let escape = false;
+    for (let i = 0; i < input.length; i += 1) {
+        const ch = input[i];
+        if (inString) {
+            if (escape) {
+                escape = false;
+            }
+            else if (ch === "\\") {
+                escape = true;
+            }
+            else if (ch === '"') {
+                inString = false;
+            }
+            continue;
+        }
+        if (ch === '"') {
+            inString = true;
+            continue;
+        }
+        if (ch === "{") {
+            if (depth === 0)
+                start = i;
+            depth += 1;
+        }
+        else if (ch === "}") {
+            if (depth === 0)
+                continue;
+            depth -= 1;
+            if (depth === 0 && start >= 0) {
+                return input.slice(start, i + 1);
+            }
+        }
+    }
+    return null;
+}
 export function truncateWithMarker(value, maxChars, markerLabel) {
     if (value.length <= maxChars)
         return value;

package/package.json

@@ -1,7 +1,7 @@
 {
   "type": "module",
   "name": "@krotovm/gitlab-ai-review",
-  "version": "1.0.30",
+  "version": "1.0.33",
   "description": "CLI tool to generate AI code reviews for GitLab merge requests.",
   "main": "dist/cli.js",
   "bin": {